From d8a96dd7713045de9bc3d7f536d4b5e2fa11a38f Mon Sep 17 00:00:00 2001
From: Erik Krogh Kristensen
Date: Fri, 28 Feb 2020 09:55:15 +0100
Subject: [PATCH] change name to suggestion from previous code review
---
 .../ql/src/semmle/javascript/security/UselessUseOfCat.qll | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/javascript/ql/src/semmle/javascript/security/UselessUseOfCat.qll b/javascript/ql/src/semmle/javascript/security/UselessUseOfCat.qll
index c154885925f..4c8b3815586 100644
--- a/javascript/ql/src/semmle/javascript/security/UselessUseOfCat.qll
+++ b/javascript/ql/src/semmle/javascript/security/UselessUseOfCat.qll
@@ -105,7 +105,7 @@ class UselessCat extends CommandCall {
 getArgument(0).mayHaveStringValue(getACatExecuteable())
 ) and
 // wildcards, pipes, redirections, other bash features, and multiple files (spaces) are OK.
- not containsNonTrivialBashChar(getNonCommandConstantString()) and
+ not containsNonTrivialShellChar(getNonCommandConstantString()) and
 // Only acceptable option is "encoding", everything else is non-trivial to emulate with fs.readFile.
 (
 not exists(getOptionsArg())
@@ -174,7 +174,7 @@ module PrettyPrintCatCall {
 ) and
 fileArg = createFileArgument(cat).trim() and
 // sanity check in case of surprising `toString` results, other uses of `containsNonTrivialBashChar` should ensure that this conjunct will hold most of the time
- not(containsNonTrivialBashChar(fileArg.regexpReplaceAll("\\$|\\`| ", ""))) // string concat might contain " ", template strings might contain "$" or `, and that is OK.
+ not(containsNonTrivialShellChar(fileArg.regexpReplaceAll("\\$|\\`| ", ""))) // string concat might contain " ", template strings might contain "$" or `, and that is OK.
 |
 result = "fs.readFile" + sync + "(" + fileArg + extraArg + callback + ")"
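Review bot: The rename stops at the two call sites and leaves a stale reference in the comment directly above the changed line in the `@@ -174,7 +174,7 @@` hunk, which still says other uses of `containsNonTrivialBashChar` keep this conjunct true. That comment is the only pointer from the pretty-printer's weakened check (it strips `$`, the backtick and spaces first) to the stricter check in `UselessCat`, so it should read `other uses of containsNonTrivialShellChar should ensure that this conjunct will hold most of the time`. The predicate's declaration is not part of this diff (the diffstat shows only these two lines), so presumably it was renamed in an earlier commit; worth confirming that no `containsNonTrivialBashChar` reference is left elsewhere. The second hunk appears to end outside this view, so anything after the `result = ...` line is unreviewed.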